This Week In Security: Scamming The FBI, In The Wild, And AI Security

If you’re part of a government alphabet agency, particularly running a program to share information to fight cybercrime, make sure to properly verify the identity of new members before admission. Oh, and make sure the API is rate-limited so a malicious member can’t scrape the entire user database and sell it on a dark web forum.

Putting snark aside, this is exactly what has happened to the FBI’s InfraGard program. A clever user applied to the program using a CEO’s name and phone number, and a convincing-looking email address. The program administrators didn’t do much due diligence, and approved the application. Awkward.

BSD Ping

First off, the good folks at FreeBSD have published some errata about the ping problem we talked about last week. Note that while ping does elevate to root privileges via setuid, those privileges are dropped before any data handling occurs. And ping on FreeBSD runs inside a Capsicum sandbox, a huge obstacle to system compromise from within ping. And finally, further examination of the bug in a real-world context casts doubt on the idea that Remote Code Execution (RCE) is actually possible, due to stack layouts.

If someone messes up somewhere, go look if you messed up in the same or similar way somewhere else.

Sage advice from [Florian Obser], OpenBSD developer. So seeing the ping problem in FreeBSD, he set about checking the OpenBSD ping implementation for identical or similar problems. The vulnerable code isn’t shared between the versions, so he reached for afl++, a fuzzing tool with an impressive list of finds. Connect afl++ to the function in ping that handles incoming data, and see what shakes out. The conclusion? No crashes found in this particular effort, but several hangs were identified and fixed. And that is a win.

Australia’s Soft Plastic Recycling Debacle

We’ve all been told to cut back on waste to help prevent environmental crisis on Earth. Reducing waste helps reduce the need to spend time and energy digging up fresh materials, and helps reduce the amount of trash we have to go out and bury in the ground in landfills. Recycling is a big part of this drive, allowing us to divert waste by reprocessing it into fresh new materials.

Sadly, though, recycling isn’t always as magical as it seems. As Australia has just found out, it’s harder than it sounds, and often smoke and mirrors prevent the public from understanding what’s really going on. Here’s how soft plastic recycling went wrong Down Under.


NASA Aces Artemis I, But The Journey Has Just Begun

When NASA’s Orion capsule splashed down in the Pacific Ocean yesterday afternoon, it marked the end of a journey that started decades ago. The origins of the Orion capsule can be traced back to a Lockheed Martin proposal from the early 2000s, and development of the towering Space Launch System rocket that sent it on its historic trip around the Moon started back in 2011 — although few at the time could have imagined that’s what it would end up being used for. The intended mission for the incredibly powerful Shuttle-derived rocket changed so many times over the years that for a time it was referred to as the “Rocket to Nowhere”, as it appeared the agency couldn’t decide just where they wanted to send their flagship exploration vehicle.

But today, for perhaps the first time, the future of the SLS and Orion seems bright. The Artemis I mission wasn’t just a technical success by pretty much every metric you’d care to use, it was also a public relations boon the likes of which NASA has rarely seen outside the dramatic landings of their Mars rovers. Tens of millions of people watched the unmanned mission blast off towards the Moon, a prelude to the global excitement that will surround the crewed follow-up flight currently scheduled for 2024.

As NASA’s commentators reminded viewers during the live streamed segments of the nearly 26-day long mission around the Moon, the test flight officially ushered in what the space agency is calling the Artemis Generation, a new era of lunar exploration that picks up where Apollo left off. Rather than occasional hasty visits to its beautiful desolation, Artemis aims to lay the groundwork for a permanent human presence on our natural satellite.

With the successful conclusion of Artemis I, NASA has now demonstrated effectively two-thirds of the hardware and techniques required to return humans to the surface of the Moon: SLS proved it has the power to send heavy payloads beyond low Earth orbit, and the long-duration flight Orion took around our nearest celestial neighbor ensured it’s more than up to the task of ferrying human explorers on a shorter and more direct route.

But of course, it would be unreasonable to expect the first flight of such a complex vehicle to go off without a hitch. While the primary mission goals were all accomplished, and the architecture generally met or exceeded pre-launch expectations, there’s still plenty of work to be done before NASA is ready for Artemis II.


Ask Hackaday: Will Your 2030 Car Have AM Radio?

Car makers have been phasing out AM radios in their cars for quite some time. Let’s face it, there isn’t much on AM these days, and electric vehicles have been known to cause interference with AM radios. So why have them? For that matter, many aftermarket head units now don’t even have radios at all. They play digital media or stream Bluetooth from your phone. However, a U.S. Senator, Edward J. Markey, has started a letter-writing campaign to the major car makers urging them to retain the AM radio in their future vehicles.

So does that mean AM lives? Or will the car makers kill it off? The letter requests that the companies answer several questions, including if they plan to discontinue AM or FM radios in the near future and if they support digital broadcast radio.


This Week In Security: Huawei Gets The Banhammer, Lastpass, And Old Code Breaking

While many of us were enjoying some time off for Thanksgiving, the US government took drastic action against Huawei and four other Chinese companies. The hardest hit are Huawei and ZTE, as the ban prevents any new products from being approved for the US market. The other three companies are Dahua and Hikvision, which make video surveillance equipment, and Hytera, which makes radio systems. FCC Commissioner Brendan Carr noted the seriousness of the decision.

[As] a result of our order, no new Huawei or ZTE equipment can be approved. And no new Dahua, Hikvision, or Hytera gear can be approved unless they assure the FCC that their gear won’t be used for public safety, security of government facilities, & other national security purposes.

There is even the potential that previously approved equipment could have its authorization pulled. The raw FCC documents are available, if you really wish to wade through them. What’s notable is that two diametrically opposed US administrations have both pushed for this ban. It would surely be interesting to get a look at the classified reports detailing what was actually found. Maybe in another decade or two, we can make a Freedom of Information Act request and finally get the full story.


EV Chargers Could Be A Serious Target For Hackers

Computers! They’re in everything these days. Everything from thermostats to fridges and even window blinds are now on the Internet, and that makes them all ripe for hacking.

Electric vehicle chargers are becoming a part of regular life. They too are connected devices, and thus pose a security risk if not designed and maintained properly. As with so many other devices on the Internet of Things, the reality is often anything but.


Don’t Believe Everything You Read: The Great Electric Toaster Hoax

We’ve all looked up things on Wikipedia and, generally, the information is correct. However, the fact that anyone can edit it leads to abuse and makes it somewhat unreliable. Case in point? The BBC’s [Marco Silva] has the story of the great online toaster hoax, which erroneously identified the inventor of the toaster, with great impact.

You should read the original story, but in case you want a synopsis, here goes: Until recently, the Wikipedia entry for toasters stated that a Scottish man named Alan MacMasters invented the electric toaster in the 1800s. Sounds plausible. Even more so because several books had picked it up, along with the Scottish government’s Brand Scotland website. At least one school had a day memorializing the inventor, and a TV show also honored him with a special dessert named for Alan MacMasters, the supposed inventor.